CVE-2023-4344
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection...
TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...
RUSTSEC-2023-0027 TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...
CVE-2020-6998
The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to ...
Ubuntu 20.04 LTS : Linux kernel (Azure) vulnerabilities (USN-5120-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5120-1 advisory. It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to...
Denial Of Service (DoS)
Linux is vulnerable to denial of service. The vulnerability exists due to an incorrect connection-setup ordering in fs/nfs/nfs4client.c...
CVE-2021-38199
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service hanging of mounts by arranging for those servers to be unreachable during trunking detection...
UBUNTU-CVE-2021-38199
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service hanging of mounts by arranging for those servers to be unreachable during trunking detection...
UVI-2021-1001385 NFSv4: Initialise connection to the server in nfs4_alloc_client()
NFSv4: Initialise connection to the server in nfs4_alloc_client(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.198 by commit...
CVE-2020-11243
RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile...
Vulnerability in the Manager component of the real-time data synchronization tool Oracle GoldenGate that allows an attacker to trigger a service failure
A vulnerability in the Manager component of the real-time data synchronization tool Oracle GoldenGate relates to null pointer handling. Exploiting this vulnerability could allow a malicious actor to cause a service failure by sending an incorrect command during the TCP connection...
Buffer overflow
Buffer overflow in NetSupport Manager NSM Client 10.00 and 10.20, and NetSupport School Student NSS 9.00, allows remote NSM servers to cause a denial of service or possibly execute arbitrary code via crafted data in the configuration exchange phase of an initial connection setup. NOTE: a vendor...
mnoGoSearch 3.1.20 - Remote Command Execution
!/usr/bin/perl reloaded Remote Exploit for mnoGoSearch 3.1.20 that performs remote command execution as the webserver user id for linux ix86 by pokleyzz use IO::Socket; $host = "127.0.0.1"; $cmd = "ls -la"; $searchpath = "/cgi-bin/search.cgi"; $rawret = 0xbfff105c; $ret = ""; $suffsize = 0; $port...
Windows 2000 SMB signing protection bypass
During connection setup it's possible to switch off SMB signing regardless of policy setting...